Telemedicine is Inevitable and Creating New Compliance Challenges for Providers
By: Joe Galvin
It’s been over twenty years since the U.S. Congress passed the Health Insurance Portability and Accountability Act (HIPAA).
Five years ago, the Omnibus Rule went into effect, and since then any service provider directly or indirectly processing, storing, or handling patient health information (PHI) must adhere to the standards and policies legislated through HIPAA.
In the case of digital healthcare and protecting citizens’ private information, the Congress was ahead of the curve, envisioning a day when most healthcare will not only be managed online (with insurance claims and so forth) but delivered online (with the growth of telehealth and telemedicine).
Rising healthcare costs and the growing need for access to affordable health care are driving Americans to telemedicine. The convenience, efficiency, and affordability of this care model are becoming appealing options for both patients, hospitals, private practices and insurance providers.
Industry experts predict that as patients become more proactive in their healthcare delivery choices, use of telehealth services will increase from an estimated 250,000 patients in 2013 to an estimated 3.2 million patients in 2018.
Recent surveys also confirm that 74 percent of U.S. consumers would use telehealth services, 70 percent are comfortable communicating with healthcare providers online, and 80 percent have no qualms about submitting their medical information online.
With the rapid evolution of the health care industry, health care delivery organizations – whether medical clinics, hospitals, or insurance companies – are constantly looking for innovative solutions to meet economic and operational challenges.
Telemedicine – using high-quality, real-time video encounters between patients and provider over the Internet – is a powerful tool that can support healthier patients and bottom lines.
Telemedicine aims to provide care anytime, anywhere, on any type of device—be it a web browser, a mobile phone or tablet, or a kiosk. When telemedicine is integrated into an existing health care system, patients have access to on-demand care securely from quality providers with a simple point and click.
The result? Fewer logistics, less traveling, avoidance of wait times, and reduction of expensive urgent care visits.
Given this transformative technology, a patient’s location and mobility does not limit the scope or quality care. The need to travel to a physical facility is no longer an assumed requirement or a barrier to the provider or patient.
Enlightened companies, including pharmacies like Walgreens and CVS, are opening up not just their “minute clinics” and making basic services like vaccinations available, but are also starting to use telemedicine within their retail stores so patients can visit with a doctor who is hundreds, or thousands of miles away, including specialists, at their favorite pharmacy.
These retailers are investing in infrastructure and software which deliver extensive telehealth platforms, with on-calls specialists who can be brought in for specific needs, including initial diagnoses of certain conditions.
Powered by the convenience, ease, and affordability of telehealth, providers and patients are no longer be burdened by office hours, or the longstanding paradigm that patients bear the responsibility of physically traveling to the care they require.
Retail telehealth solutions support both patients and caregivers as they navigate the modern-day health care landscape together and create new revenue streams for retail pharmacies.
Walgreens today is charging $49 per visit, offering “Next time skip the waiting room. Video chat with a U.S. board-certified physician who can treat common illnesses like sinus and ear infections, sore throats, and skin problems, 24/7. Doctors can even write prescriptions, if necessary.” Their “MDLive” platform also helps patients connect with live doctors on their phone, online through video chat – even in their homes.
New mergers in the healthcare space, like last December’s $69 billion Aetna and CVS takeover, are poised to give telemedicine a huge boost, according to an analysis by CNBC health and technology reporter Christina Farr. Although telemedicine has been around for nearly 10 years, it has yet to become a household name among consumers. But through partnerships with tech giants, prominent healthcare namesakes are helping it gain recognition, Ms. Farr argues.
All providers of healthcare are wise to take notice and are planning and rolling out their own solutions – healthier for all in the circle of care.
Challenges for A New Generation of E-Health Contact Centers
For contact centers, this means every verified name, address, social security number, diagnosis code, provider’s name, and any other PHI data must be securely handled, whether in a recorded phone call, in a forwarded email chain, or in an appointment reminder text message. Understanding the relationship between HIPAA compliance and the contact center is essential to protecting patients and contributing to the overall patient experience.
PHI data is extremely valuable.
According to some security experts an electronic health record (EHR) is worth 10x a U.S. credit card number on the black market.
Why is it worth so much? Hackers can use the records to create fake IDs, enabling them to buy medical equipment or drugs. Alternatively, they can use the patient data to file fake claims with insurance companies. Healthcare is expensive, and cyber criminals are taking advantage.
Additionally, if a credit card goes missing, a consumer can cancel it. If their social security number is misused, they can change it. But EHR are understood as a permanent representation of one’s identity.
HIPAA is the set of standards and protocols any service provider must follow when handling PHI. In the contact center, there are many ways PHI data may be shared, which makes it a huge challenge to oversee.
Contact centers handle billing, collections, communications, insurance, ambulatory services, appointment scheduling, and much more. In the future, add genetics data.
Contact centers that fall into any of these categories must ensure they are HIPAA compliant.
Healthcare contact centers must offer comprehensive training to their Privacy Security Compliance Officer (PSCO), a required position under HIPAA that oversees compliance. All staff must then be adequately trained in HIPAA Privacy and Security. They must also have a manual for policies, forms, and procedures. The PSCO conducts gap analysis, creates privacy and security policies, and completes contingency plans.
They must implement cyber security safeguards to protect your data from hackers or ransomware attacks. The cost of these breaches can be in the millions, tens of millions and higher.
AI Helps Automate Compliance
Healthcare contact centers are required by law to monitor and remediate their networks to ensure continued compliance, and to provide all records of conversations, which are expanding beyond what we imagined a few years ago.
If contact centers record inbound patient calls, record outgoing calls, take credit card information, including CCV codes – the liabilities add up.
If contact centers do any of these, without proper procedures and software in place, they may not be HIPAA compliant.
For example, it is against PCI-DSS standards to store a credit card CCV, in any way.
If contact centers record outgoing calls, the patients the agents calling them may not know they are being recorded.
If supervisors use ‘barge’ or ‘whisper’ to listen in on a conversation, patient’s must be clearly told this is the case.
Amplifying the risk is omnichannel strategies.
Text messages, phone conversations, email messages, voicemails – each of these channels are covered under HIPAA.
AI and Automation to the Rescue!
Given growth, scale and the opportunity to serve more people for less money, now is the time for contact centers in the healthcare realm to start exploring how software platforms can ease their compliance burdens and reduce risks. Not only is it expensive to have to hire more people, or to walk away from business growth opportunities due to risks like those articulated earlier, it is literally impossible to manage all this data without support from software like that which CustomerView offers.
We’ve developed an ability to record, store, analyze and optimize millions of conversations – securely and affordably, we can drive compliance on 100% of the conversations.
Let’s engage and share ideas – with partnership, integration and collaboration, not only can we solve for protecting individuals, healthcare providers, insurers and others who are part of a “circle of care” – we can also contribute to more access to care for so many millions more, respectfully leveraging connectivity, cloud and applications that are truly game changing.
Recently hired Genesys CEO Tony Bates comes to Denver this week for Xperience19, bringing together thousands of customers, partners and contact center experts to discuss and demonstrates the latest ideas and innovations that change the way brands connect with their customers.read more
Even as companies in the contact center and “CX” industry continue to push self-service, chatbots, social messaging apps and “automation” that enable machines to do the work of traditional agents, a new Business Process Outsourcing (BPO) company based in Orlando, Florida was introduced in Denver, Colorado at Genesys’ annual global gathering, Xperience 19.read more
According to research conducted by The Quality Assurance & Training Connection (QATC), the average annual turnover rate for agents in US contact centers ranges between 30-45 percent, which is more than double the average for all occupations in the country.read more